Article Categories

Sunday, September 30, 2007

Well, now, this is one blog post that is too important to put off. Thanks, Nellie2!

It seems that Sun Microsystems, Inc. is finally improving their update process. As announced last week:

"Sun Microsystems, Inc., is announcing two new Java SE security response features, each designed to strengthen the Java platform's position as one of the most widely used, secure software platforms available. The new features include Sun's synchronized release of Java SE security fixes, and advance customer notification of those releases. They are designed to complement Sun's existing Sun Alert notifications, as well as the built-in Java Auto Update tool for Microsoft Windows users, and build a foundation for additional Sun Connection services and a customized Java SE platform for production environments that are expected in 2008."

I have not been impressed with Sun Java and, in fact, have yet to install it on my new laptop. The "built-in Java Auto Update tool" has been a rather poor performer. Let's hope things are improving. See below for the first update schedule.

"The following is our first advance notification of security updates for Java SE.

On the week of October 1, 2007, Sun will be releasing security updates with JDK and JRE 6 Update 3, JDK and JRE 5.0 Update 13, and SDK and JRE 1.4.2_16. This will be followed by the release of SDK and JRE 1.3.1_21 on the second week of October 2007.

This is Sun's first step towards the simultaneous release of security fixes across all supported Java SE release families. Sun expects to fully synchronize the release of security fixes across all supported releases, including J2SE 1.3.1 in 2008. Note that J2SE 1.3.1 has completed the Sun "End of Life" (EOL) process and is only supported for the Solaris Operating Environment and customers on Sun's Vintage Support Offering."

I just realized that this post has been in draft mode since last week! Yes, I have been busy with other tasks but I am determined to get this published today, just in case some of my regular readers may have missed the news.

DreamScene

The Windows Vista Teams have been busy in several arenas. In addition to the expected Tuesday update of Windows Defender definitions, saw there was an optional Windows Update for Windows DreamScene. When I checked the Windows Ultimate Team blog, I discovered the announcement: Windows DreamScene released! This updates the beta version of the Windows DreamScene Content released in March of this year.

Friday, September 28, 2007

As was reported in How Windows Update Keeps Itself Up-to-Date Microsoft customers who use the Windows Update received an update to the service. Unfortunately, this change has affected customers who repaire their systems using a Windows XP CD. This method or repairing the system replaces all system files (including Windows Update) on the machine with older versions of those files and restores the registry.

The problem, as explained by Nate Clinton (Program Manager, Windows Update) is

"the latest version of Windows Update includes wups2.dll that was not originally present in Windows XP. Therefore, after the repair install of the OS, wups2.dll remains on the system but its registry entries are missing. This mismatch causes updates to fail installation."

If you are affected, contact Product Support Services. In the U.S. and Canada, help with security update issues or viruses can be obtained at no charge using the PC Safety line (1-866-PC-SAFETY). For locations outside the U.S. and Canada, go to http://support.microsoft.com/security for the number in your area.

Sunday, September 23, 2007

I have been feeling very negligent because I have not provided Security Garden readers with information on the latest updates that Bill Pytlovany has made to WinPatrol. I am going to remedy that with this post.

The first change was the minor update earlier this month when version 12.0.2007.5 was released. For long-time WinPatrol users who missed the original Scotty icon in the system tray, this version includes a new option that allows you to select the original black Scotty icon.

Lastly, just announced today, is a New Win Patrol Plus Data Collection option being added to WinPatrol in order to increase the precision of the PLUS database. As Bill explains:

"To accomplish this, our new version (12.1.2007.5) will be collecting more data on requested programs. This is strictly information on the file and not the user. Typical data sent will incude version, company name, install path, file date, file size and date detected. The results will be better detection of rootkits and other more devious attacks. It will also help detect outdated system files which may create unstable versions of Windows. (Something which has caused me grief recently)

This will be an “Opt-in” decision for both free and PLUS WinPatrol users. By default, this option will be off. By checking the option users give permission for their data to be used to improve our results.

Thursday, September 20, 2007

Although the time on my computers has always been correct, it appears many people have not been so fortunate. Ed Bott has posted instructions on How to fix Internet time sync. Like others, he has apparently not had success with the clock synchronized with time.windows.com and changes the location to one of the U.S. government servers.

With Windows Vista, it is easy to access Date and Time. Just click Start (the Vista Orb) and start typing "date and time". You will find it the second selection after typnig "da".

Remember - "A day without laughter is a day wasted."May the wind sing to you and the sun rise in your heart...

Saturday, September 15, 2007

Earlier in the week I took my camera to work to catch a shot of Kodak Building 50 before it was imploded this morning. The picture below was taken from my office window. I annotated it to show the location of the former Building 9 that was imploded on June 30. In the distance is Kodak Office, about four miles south of this site.

Building 50 was built in 1918 and a source for the paper that so many Kodak memories have been printed on the past 89 years. Although I did not go to the "event", my husband and heard it from 4.5 miles away. The picture below of the dust cloud created as the 174,000 square foot Building 30 was becoming a memory was taken from the roof of the Research Laboratories. The complex was off limits this weekend to all but essential personnel and, obviously, the press.

I have no doubt that regular readers of Security Garden have noticed the rather substantial slowdown in new posts. There are two reasons.

The first reason is the title of this post, ASAP (Alliance of Security Analysis Professionals). I have been spending a fair amount of my on-line time devoted to ASAP issues. There has been a rather substantial increase in member applications lately. In fact, two new sites were recently added to ASAP. This post provides a perfect opportunity to welcome both sites to ASAP.

Alphabetically, first comes AntiSlyware. AntiSlyware is the brain-child of fellow Microsoft MVP, Tom "Coyote" Wilson. Members of the security community know Tom and his many years of involvement. For those who don't know him, you can meet Tom here.

Now, what is the other reason for the sporadic posting here? Truthfully, my ISP has changed their TOS (terms of service), resulting in a substantially reduced number of hours of service provided. Granted, I could upgrade to a different level of service with the ISP. However, the price tag is almost as much as broadband. Yes, I am still on dialup. Unfortunately, there is little competition in my area for broadband services and the cost for cable access if over five times what I pay for dial-up, with DSL about triple. So, for the time being, I am conserving my on-line time or will find myself unable to connect before the month ends.

I must admit, after seven years with the same ISP, it is rather bittersweet thinking that I will need to move to a different service in order to continue providing the same level of help on the forums, here and the project on the back burner to revamp Windows Vista Bookmarks.

Remember - "A day without laughter is a day wasted."May the wind sing to you and the sun rise in your heart...

Thursday, September 13, 2007

That is right, "The Ultimate Steal" program is being extended by Microsoft from Australia to include students actively enrolled at eligible educational institutions in the U.S., Canada, U.K., Spain, Italy and France. Those students who can meet the requirements will be able to purchase Office Ultimate 2007 via the Web "for a steal". The package normally sells for $679 (USD) but will be available at the student price of $59.95 (USD).

Microsoft Office Ultimate includes Office Groove 2007 and Office OneNote 2007. The promotion is scheduled to run until April 30, 2008. Go to The Ultimate Steal to find out if you are eligible.